2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7

Analysis

max time kernel
210s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

38.5MB
MD5

dded481da831784a00d556a1280c124c
SHA1

48b40f82f66dd678f1c2f4c1298eaae2875f75e6
SHA256

2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7
SHA512

78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd
SSDEEP

786432:jketduUzNdogfpTmDvwLIDH8StVQFkatYPexssk:jkiuUtpTmDvwE78+IHUe

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

2688 netsh.exe
3680 netsh.exe

pid	process
2688	netsh.exe
3680	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

fdm.exefdm.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	fdm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	fdm.exe

Executes dropped EXE 9 IoCs

Processes:

fdm_x64_setup.tmphelperservice.exefdm.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exefdm.exe

pid	process
5000	fdm_x64_setup.tmp
1436	helperservice.exe
4664	fdm.exe
4524	importwizard.exe
3016	fdm5rhwin.exe
4288	fdm5rhwin.exe
1900	fdm.exe
1796	importwizard.exe
4664	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exehelperservice.exeimportwizard.exe

pid	process
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
1436	helperservice.exe
1436	helperservice.exe
1436	helperservice.exe
1436	helperservice.exe
1436	helperservice.exe
1436	helperservice.exe
1436	helperservice.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4664	fdm.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe
4524	importwizard.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

File opened (read-only) \??\F: fdm.exe
File opened (read-only) \??\D: fdm.exe

description	ioc	process
File opened (read-only)	\??\F:	fdm.exe
File opened (read-only)	\??\D:	fdm.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\is-62TE3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-CFA2B.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-2PBI1.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-O6VPO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-8QUGK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\is-6O5EF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Layouts\is-9PAFN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-R7HL1.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-3LTI2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-SI3CE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-QOS3K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-SKRG1.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-PQU50.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-L30GF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQml\WorkerScript\is-BT4AQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-9OB9G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-P5HAI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-0OLQB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-RTGDV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-CT30A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-3FUD8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-FCMRJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-FVEPK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-J5KFH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\is-MOV4R.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\is-V0JLM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Templates\is-PAOT3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\sqldrivers\is-EBJKK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\imageformats\is-H9LLK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\impl\is-7T041.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-29A33.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-DVI9E.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-DP0D7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-AT7QK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Templates\is-JKROS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-589OE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-OLUUH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-2LCBF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-BKKFH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\impl\is-GS9AF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-CQUHL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-I6698.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-FBCII.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-GMTC9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-OR7F9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-HM9EJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-O7VHV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-99APG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-AEVBP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\is-FFSHV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Universal\is-OMT2O.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-3IKNI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-DH5K3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-M2I1P.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-30ERU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\is-3OVLL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-F5RI8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-TI7MU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-4TGHU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-0G243.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-U1HPM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-K1R7Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-OPS3D.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-A724L.tmp	fdm_x64_setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

Processes:

resource	yara_rule
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exenetsh.exe

description	ioc	process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

fdm_x64_setup.exefdm_x64_setup.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdm_x64_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdm_x64_setup.tmp

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmp

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683740320941429"	chrome.exe

Modifies registry class 18 IoCs

Processes:

fdm.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\Content Type	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\URL Protocol	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell\open	fdm.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{4C473CBD-93F2-454D-8194-D15DCF8B88D2}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\fdm\shell\ = "open"	fdm.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

1284 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

fdm.exefdm.exefdm.exe

pid process

4664 fdm.exe
1900 fdm.exe
4664 fdm.exe

pid	process
1284	schtasks.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

fdm5rhwin.exefdm5rhwin.exemsedge.exemsedge.exeidentity_helper.exechrome.exechrome.exe

pid	process
3016	fdm5rhwin.exe
3016	fdm5rhwin.exe
4288	fdm5rhwin.exe
4288	fdm5rhwin.exe
1292	msedge.exe
1292	msedge.exe
3388	msedge.exe
3388	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
4532	chrome.exe
4532	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

1900 fdm.exe

pid	process
1900	fdm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exechrome.exe

pid	process
3388	msedge.exe
3388	msedge.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

fdm.exechrome.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	4664	fdm.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

fdm_x64_setup.tmpmsedge.exefdm.exechrome.exe

pid	process
5000	fdm_x64_setup.tmp
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

Processes:

msedge.exefdm.exechrome.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
1900	fdm.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fdm.exe

pid process

1900 fdm.exe

pid	process
1900	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exemsedge.exe

description	pid	process	target process
PID 2360 wrote to memory of 5000	2360	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2360 wrote to memory of 5000	2360	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2360 wrote to memory of 5000	2360	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 5000 wrote to memory of 1908	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1908	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1284	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1284	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1004	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1004	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1772	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 1772	5000	fdm_x64_setup.tmp	schtasks.exe
PID 5000 wrote to memory of 4664	5000	fdm_x64_setup.tmp	fdm.exe
PID 5000 wrote to memory of 4664	5000	fdm_x64_setup.tmp	fdm.exe
PID 4664 wrote to memory of 4524	4664	fdm.exe	importwizard.exe
PID 4664 wrote to memory of 4524	4664	fdm.exe	importwizard.exe
PID 3388 wrote to memory of 1588	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1588	3388	msedge.exe	msedge.exe
PID 5000 wrote to memory of 3016	5000	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 5000 wrote to memory of 3016	5000	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 5000 wrote to memory of 4288	5000	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 5000 wrote to memory of 4288	5000	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 5000 wrote to memory of 2688	5000	fdm_x64_setup.tmp	netsh.exe
PID 5000 wrote to memory of 2688	5000	fdm_x64_setup.tmp	netsh.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4064	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1292	3388	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2360

C:\Users\Admin\AppData\Local\Temp\is-3QLNI.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3QLNI.tmp\fdm_x64_setup.tmp" /SL5="$60192,39406194,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5000

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:1908

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Scheduled Task/Job: Scheduled Task
PID:1284

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:1004

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:1772

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4664

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10.0&osarchitecture=x86_64&architecture=x86_64&version=6.24.0.5818&uuid=78ea5d0e-9f26-4d2b-aab4-3cfe82c25aea&locale=en_US&ac=1&au=1
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f62146f8,0x7ff9f6214708,0x7ff9f6214718
5⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
5⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
5⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
5⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
5⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
5⤵
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13239081707739585993,13181570268340473418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2400

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3016

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4288

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:2688

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:3680

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:1796

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9f198cc40,0x7ff9f198cc4c,0x7ff9f198cc58
2⤵
PID:700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1976,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2464 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:1
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:8
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4844,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:5316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5280,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5400,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:6140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5680,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5796,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5732,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5872,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:5656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4652,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:5896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5828,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3308,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6140,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:6028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5564,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5088,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:8
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5404,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:8
2⤵
- Modifies registry class
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6136,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6548 /prefetch:1
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5552,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6276 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6012,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6260,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6712,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6704 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4556,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5320,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5700,i,10297434502874010143,3156013182167089408,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5992 /prefetch:1
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5152

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140_1.dll
Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core.dll
Filesize
6.0MB

MD5
46a0dbd38cb28d8e79c80c9a033f6ae9

SHA1
1be5f3e78485f9b08e32346f13155a94001de50e

SHA256
225bd38093416c825f2e3220213f64e1079e9ab20f4738decc0fc6eb992e8a9e

SHA512
3fb62bce7b1d5129237914269aa3dd9a24f9e797927f2f4f937a0a291d357a40ec51b9c829094dc0bae1edcd6c580f1c9a03ca2c84d5526599c3608246f00bd0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core5Compat.dll
Filesize
851KB

MD5
e50b9b3fa16362c86a40e6255c6b45e7

SHA1
fa8ce8fd6d4415abdb67597735575dc83a8fc634

SHA256
c95ab3df8dc0bfd92925b7b8b51bce859ae09008691874a5c6f5630969557564

SHA512
03a8ac0ae14e8420dd9fd91bc1619d072882d152127b3f2f1c6f7e670b7c54c524490e7c84a7cd0b76e2db413439a1ca55c4e03416fd6beb47b1067c3e960cba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Gui.dll
Filesize
8.5MB

MD5
7875aad0d0d426e9d1b132a35266de32

SHA1
8b7656e3412ae546153d2d3df91a6ff506d64749

SHA256
fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

SHA512
9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Multimedia.dll
Filesize
833KB

MD5
e8fa5ba349752d18f6302434658229f4

SHA1
1e7696e1ae887734f017e7c4e521ff648e090508

SHA256
7b2aaffd8bd1b042d1d028b071d4fbb42420f52d04f45de06c4a80315b9f1b29

SHA512
771a41622b045724604568c18e5df00f99b3da3fa67d25f5a60024db34b01b7b70cd0aa9bb39c53cab4eef7a6059e5855fb205e83d131580626a4b43505bf621

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Network.dll
Filesize
1.4MB

MD5
960f50470059381c65833145036fef29

SHA1
270e230bfc9248e5ecff9ea8dfbc5f1066df02ee

SHA256
1071f4f88c65317401bf93a2ffb55e661adcbb84f05911879ab21a6656521a68

SHA512
cb0a0d63aaae1b9646dad722759b1c53b36ed13a4231a30b054f6124bcc69e7285c5777ab6bbbb8296756d6c31fc94e735db42c5155db35274e0ec25c1406582

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6OpenGL.dll
Filesize
1.9MB

MD5
2a2a628e23cada5d2eba63dee642438e

SHA1
73cbc92073eaedde3f2fc432edda0677e7a49c9d

SHA256
054b0a8d87fc735aa2eb281e5078f8d28bd1c395b7e32de13ef64a8bbc10bb04

SHA512
ca87b5e95ba9c3b1268b14a6587305ea52512224e9ba48e73e64b292713df295e9d64587f446fd28f0e2788d7cb78ca460d962f06cf43ccde53fe45ae65cbe90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Qml.dll
Filesize
4.8MB

MD5
6404ca802e99e8520d6229982e382cf0

SHA1
204e0446b4989ef2df2c71a4ef7482240039da45

SHA256
477747d49a8b7f51c408fe7a49cc3dcfa99078040d3059c5586c77d9b04d1a0d

SHA512
90998283c98eb7002cb0342b664a9f03902a6ee8141781ab03f723fddfb925d0a0e450e3c89589eebec41b95f1e73ec298808857151782b3c00b6c3fecf17df0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QmlModels.dll
Filesize
708KB

MD5
623c7740fc301a398c40dc9504d04fd6

SHA1
fb0e711c49c2ff488c7d3be9daebe2779bd42157

SHA256
4ae023a87636f5c70c08dbd787e47eecfa0ac15ff741677db323d70bd70a36a1

SHA512
2343081e57448e3922eeb86bcedb861ed8fde1dc51ab0e42e7930cf07834e9fcfe41a9b1d64a89341037abee421d242d4ece91dec8a8b26a0a552989e130fc34

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Quick.dll
Filesize
5.3MB

MD5
e739a7f0e54081125d1381a42eb7c226

SHA1
20ef3724f878bfe7773e006c29de3ff4e6e8a8c3

SHA256
35e8842051211a1654d6717b8786357e7a93b21a004f941151e7a4af23e16a84

SHA512
fde9db1793eec6fe1a0818af1b24c8399c941280982bbbb456332aa2768d0950da0caa7bd21e1cbbe81770358cdcdd3a6b199c71df1432170506dadc718d88e1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickControls2.dll
Filesize
87KB

MD5
8641967f2caf274abb1be307cc70204f

SHA1
08dea9d79289dc90dc75554baf0dce8eb7c53023

SHA256
7065885b1374f55ade04621b52b5ddf6d6e24cb6d57d89d2a1c5cd6bb0d1dede

SHA512
a8cee79efcb002aa2eef263ed0492a212b017375577f42de13322a8f8ba9f942fae2b8658fd7468a7a7bf1a19192013fb092efdf7695b8ca7d291990157154f6

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Sql.dll
Filesize
291KB

MD5
04b54b342a7f3b56fe9b327cd3fffa86

SHA1
257cbc011eb1c1acb4121a1dbde801411fb3691b

SHA256
cec14ed64352d5c6e1e043d716cbd2d4575ddfff2e48633c6e6fa2670895ee59

SHA512
493003fa6b37c723ea08b0749348ca96fa0939a384ac452737947eb98195f1c1c78b9fd7c7220d0938cb526afc300232c0e52720d54919ceb05c311d6ed3b62f

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Widgets.dll
Filesize
6.2MB

MD5
34abb42b63e71b09b72b48cf5b1dba53

SHA1
9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

SHA256
c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

SHA512
06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll
Filesize
111KB

MD5
ac0838c665b3741666667e37e9063bab

SHA1
0d6f7377aa10b53727b1bc1126b17b7b8c766509

SHA256
98867ba613760d132096bc835d0704dde75143dcf5545fffdb452c31fc8adb00

SHA512
4d535c928703b0bdfaf5569ea2c8cbc848123225fe6b53fe64db6a71ace06d392093500e1fd3673542adf86c569e7ee8044b812428387e1babb5ed74f6e2530e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll
Filesize
623KB

MD5
cbbb8b877d4e4abc1cc5f7c87e52e4a3

SHA1
e0fbd3bfcbcfe1e9f85e9a03b5411b75cea5d206

SHA256
31a9512311013764320feba14e1d849dfc7bc0a689cadf5806a90043945128e5

SHA512
c201faefa7fb6fa5eaeb119da7f502951efc3251ad5a76eac1bd139379aa4b6da4f9e73bd0fc8dd0486f4973c9ccf21da401e01839f1a70032ff01bcf754e08d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
Filesize
7.1MB

MD5
b6eb17081c138903a98f4daddc5356ec

SHA1
95338c82ca76629178c342fabbcaf9fe8ad707cc

SHA256
88553acc42f9e638fe19771e0cb2badbe28f569583195d9306c8a8ef6343e297

SHA512
ef9242cd41585318d5daa47ac8cffc956672549f4ce9238db6227fa64ce800a7b64a25cd7b7175e3b1769f29fbc37e4b18c28375159eaa3bf294c1a48588e01d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
Filesize
136KB

MD5
bdd8417b62e8c1dd4352d654b1c0b887

SHA1
a4ca880967460b692351efdbf2e94438fb6f2630

SHA256
3f58d018ad24f506873b6e4eacae6e19585849e7d6638e72b585cff9a750ebf7

SHA512
9e2782c8543583b9f171e4aefd1685f32a70693998addc656169963ed973a93c0c81562c12ca52d07ac94cd628e7cb9909ba519344210cce4a36c64701f78aad

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll
Filesize
4.6MB

MD5
abbed3f87da630930d274871cb794a4b

SHA1
40398d1aa2c9b9be7aa7744e311b67b5296b0450

SHA256
7e8caae0c0e6bf6bc5ece9aad0cae238246a5a98c3409745f571316a50aea54b

SHA512
35c04b8ce4702bd6f8629011b382941d24a3122f8d6394e1d6dff3c11549993b16f2d1d4635f16b1d33aa0d5fd0d335d103e2199383934d52527366d6eb624ec

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll
Filesize
43KB

MD5
9c93f9c583bb077a23f50c5d64cf1bb9

SHA1
d2b2a91bfc9b6cbeccef00a0b8c49f0ca201d78a

SHA256
6434f084d00beff3a67b9a20eca0c8a1940d380bc12990258042859cd98c5a20

SHA512
27db1a016b6804a5c03d78d163eb6588ffc024c4bcbc0d1c582cdfd7081f351a5ee9beeb6684ca70fb9a1ee24f0eaf0cf8e18120efc5f347db10692d931c04f9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll
Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140_2.dll
Filesize
182KB

MD5
e35261e9f4478aabe736bb2269c20b59

SHA1
f17330804c159418d4acf7a803662b8c1f7686fd

SHA256
366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e

SHA512
2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-2U6LK.tmp
Filesize
1KB

MD5
63340c8fcb71734ce4bbac29a86821b5

SHA1
0cfd02b3e95fa482cbd4bd83b0f2d9214acc9709

SHA256
78b5fc58e6d881d16351e92d32b8cadea6b14fbf8c20c1bc7e56d02946467ae8

SHA512
fe035bb77a32d0fe9d4983d90c65d4c2600a019ac20743dbec409f29ffbfbecd8bca2d15abfffb2e71b77e3c105e248627a176942cdf9d7b98ed9113e6f73ba0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-FPP75.tmp
Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll
Filesize
227KB

MD5
514b4dd973694fe604c7ec22a3ec8481

SHA1
6285f9ce01e9d061e4d936b7fb44635a9ea19d93

SHA256
367ce7cbe3c20048ff6a19383b762efb31a3b5313fc8169a01c9256afd2cb7fd

SHA512
4eaacd3a196959d6579bb6c716dbba3d2ebb2f3121641c7b536839bd4c7744da5eae8315f65a4585f35bf76126a4468485b609a4ae9a2c62afd56640055352cb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml
Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll
Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll
Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll
Filesize
698KB

MD5
8a839a29430dca22865dff4f2b5b0124

SHA1
600e3b1d00ed8b49e0947a470862da7b8944c48a

SHA256
0a8dae7bde1b75351c0f2a030e811f15cf2e341c57828bff22228539c3d574fb

SHA512
a374f2313e0f64bde4abf81fb5230cee4a8783c705824d55d44cc45157d272f7a488a4d911ac082eb9851ea4b57fcd817161643538e7587ba8a0feb2274d43c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
546c0b48ffde4e0eadb046d45ddbabec

SHA1
23befeebf4034c395b972fe7471148e9bd1172d6

SHA256
fa9162e2308b5af29dacc55e4b2f21b6a874e3a237d4de6b6dcab607afc3726b

SHA512
67b10aa6fe1645027367f7eb685bd7bc16de0946222a99a02653ae69d74b11165b765e2f9930960a8054939b55521d98872a0173c9594e389821c25a23afc272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
Filesize
145KB

MD5
37dac052614e6b0313388bb20acdc929

SHA1
07ab6772e27b7b9580d69cb0a1eb3fc13e1dde78

SHA256
d332e2e2790c6b751d4fbba8862f382159c0560f947b85326c70e3ab346f7859

SHA512
56ae6d57b47cdea40744c8b95cc5e5682387aafe7098ef27d3664dc7188261721b8e3dfd73e37e97623290922172f63e898fdc16442722131c76852772c5035c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
444356e24cebe143789c68df74f20520

SHA1
1a36c448a113a0af3b092acfac5c9135aec8b14d

SHA256
2e4e120e52be1a97ea62fac299b38a5c58747760835fa5d9b5b5565657e27180

SHA512
7b8d58aeb7325d4c79b15b269e05b1e6ec971ae8659a8469d9bb92c706cd8f339ca7678422e0e20aba49747a811156f7a7641f958402f1132172aa6a4e5aaf43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
398e7f5d84aa39ff063bb90d004c24be

SHA1
84f47d7ce25893ab22b57022d18225e273fc1901

SHA256
4f56f7da792a385550538c432557d9d98e39a32071e44a62b936a6b1feeb2af4

SHA512
c900329f77c2e6c40b2b768f8dd5a332b7d809d3caf1ffcc7abded5e5a331ebd3a375aba9f6587dd72486f08972543494cf3bea134d622ac8a93a18142b30628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
af3eefa8423ff085147c10639fc81222

SHA1
cb95003e271014db236702ef070a45611745552d

SHA256
5a3a11a8347d7a2b0bbc5b9d6c43fa3fc7e31eb894cdf9550f00f115a0e58ed2

SHA512
8e4260847a3f4e1a22a476266691c733f44f464b2db24408be42ac3b7320de7a6cacc14e10fbd1f2f04390f99d8da60b16f82b34a007264afd138d7af2c0a928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_fbuzo.dwhitdoedsrag.org_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
e5f06f87b6fe94262cf41118c634dc79

SHA1
e8f29370becd290f364a13062bd7d2fc79c205c2

SHA256
52c207142f0e1390317934d42a475de3c06cfb52129b90711cfb4311d3296d1f

SHA512
fc9baa8839435c17fd7de66ead77d716b7d83f3a88d7bb091f69d0408105646560ae273ec28dcc6eb4bbccf13cf469ee0d413b40aa8dee95e490848fe2e851e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
9f826c88adcf55b6b47d2c7934a581f7

SHA1
2cba819a9a96e8fb5c7aff64f4cf0e77b9192370

SHA256
d310ae256e893b739d0c84a20301ab1b8e059193cadda5a57caec2a8f6f4eddd

SHA512
88731b873275a73938b4156ff6a581324211b9ee1b1fda162c5986ebbf498d823e09c9985228abe6a9cf1371063c4234ed2b633e3f1b44bb7b385fb4fda4d0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
771afa11a54245a26120602c5ffbfdc9

SHA1
f273dd1c51114e10eca0c47d568900a12d43442d

SHA256
57c04a5313064ad55afb677ea60b345ef394dadd5848050d29f438fa45832159

SHA512
f89eb1a20295303669a5c4224d70883fbe2edabef24558e08f7283ef6ce9d78462ad81b0f4a5b6080ba6c89f4accefb730a4d22bbdc868860f7087fa42220fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6ef81a4295285137d564374eea88973e

SHA1
08e25788965fe62895606f28b1883be5efc96a80

SHA256
c254aff0735c7fe6ac32cea9482e94e510a495e4325f50328f730aeb58cbc0d8

SHA512
094bf28edab7e2610d5e98427988aef9589952952e77aed6f4d58245d944fb55f01001ec1c7925ca847b195c65dd7f94186e9a980301d9f02f6ac0b8dcf01480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
26c6531272647265d82b167fa5aed76a

SHA1
84eb78390b7df3717b25eb8067fed1c3c3a5d50c

SHA256
f69f7e5b35801a5d4e0cf402de2f3dab08773f39bb0e18e3c4770142788f8b65

SHA512
89b8c06f87bae3438a8d3e61b419465b6b6cb4d4fc7ffd1e8bb118506abe8b8a7d778e468c871a9f1e9a11c15a2770c10cefa26cd80f42e79cf1cea62eec5f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9e0367d2f0c41af0e272387c8ad1c3ba

SHA1
375a71ac5bd7bd7c226fa75ab4a049608a6f8208

SHA256
d1fe8d187c353adfc40b17591e9c06c620a66aa82a9364cdf213a52e50e2dcf9

SHA512
1abbcbbfbf6bcd9b86a04f78d7026cd639ff91cc83d1bac281077190d291bbd358ab774d9b78f463a014ca46136f765112b454b004f1bb7c8d71f1037703d028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1be5bbaacf66425fde1f8e9cee4a40d2

SHA1
9df0344025303d9d3e39daf54fba60146a04d4c8

SHA256
aa852c60bc4d0e25ce5e92ff936007ea62a94df7871bc1341a0b73d11344df2b

SHA512
b4d82c197da4a0634a0fea4f3e467f7d4a09972241c2f904f353366a7d01a9a85b7e4534249735abf478ef8306252e3b18480df8c1ad5fdde709aa14335d4534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a9f7a8bab5ad0749cb8d0c2a1dbc7aa2

SHA1
1dab841141480e63d1cb43639a223df736b1aa53

SHA256
32d8fe1916f3b67b0a919c9ad724d7da198bc0875013fda9ecba0d8dfb9e5a8e

SHA512
f732e28aa4b3c2fb506909b7ca6cb9efaf8368f97432d356f2a006719419405a4e835bae72d2cd782e49f6cb2b6308a0e9972b25fc9dcce69a14f8810210a7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
0e34280207621754c55e5314f7d156eb

SHA1
fd405f4bb2057f95c7cb7640e1d99db4af655123

SHA256
99b0cdcc60feb35be51e0764ca739a9497caacad18d58ba2ec76614683bbdfd7

SHA512
c8fcadad32eaec713fde1ca0a7ef0ac567415705a96c07a1545992e7796c2d6d35ea744bba3025dc0d1170f431a026a091e9c93bcbccebb7ae2735d7a7b5dbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
28d6979f50669a48813fc71a3151b6e9

SHA1
bc409ccb2a6e152232ee01dc76c1f54590b90e5d

SHA256
594593462883e9a303e194619ef7284450b1cac1f6f13fd9b73374e29ed6ff72

SHA512
51cd42bf30ab5ccc4fe5974ef92ebeffcd32b3f5a3145d81efc7923781016748173b3a2900dd68c51fedbdb8e96177201a94a1e14351814c5688b6bb5155419f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
85b3877962de5354f7eed935f3eaa083

SHA1
543879d7a29d30dd7f256e19dab711aa5421b670

SHA256
afaeb7eba2241aa29ad3108f5edaf99c58b9a4e7a82a7486c024988683321ad9

SHA512
15932c460a310aef4a64955af740acbcf765cd2d3cd2fff40edf8b8b997f56a1b0a2e75d3ccbdfe949b164fa238197827dce228cdc1d6400d982676a4878871f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
0215449ae5ca060db9050ee15908cc15

SHA1
74aacc5e63e8155b5b7cc8a9e8798e00db1edb7d

SHA256
0f8a96f815b7e386a2ee196c3c15eee2e15b1ac4e69035eceb98bb866181c2c3

SHA512
7da0e7ac8066d603faa3c6fb9055e676350df1717bc3b9518b059798b00b67ef15eddae8c9735f2a9c292bb4f0bf9b129684925d62d0c99378868e9942355cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
12KB

MD5
7abd308e928b19bdda0ddc018306bc94

SHA1
9eb0252e72bf20cee740c550e80d31eb2ea5ec3f

SHA256
67783bea3519e13b3a6b38565682a86eb14a313f2a1d8a331799c5eebd59aed8

SHA512
f89e217d1f3950630e8aec660a3e478c4426586e5a3d61db9c7e7b228f632bf40f6585bd52ac9352c4c9945e3d01c0377371d4edf49c1aa33e7b32d915dab17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
13KB

MD5
c032bb23bc62b20e41bdb6339033f58f

SHA1
98ac805995bc9e0be8ecf336508b52c2b8f97700

SHA256
445a9e2ec231afea18ccb61affe1a575f2586c9ee3dad4fa308cac9e260c05b2

SHA512
5dbbea1827cd2ec701753e6d2b2004463fb37691e244fec00c1fc24e798247f337e8f1e0f14b00d5b3f0aa79b9e9e964f5aab42715a97cf47f50a679a3f32c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
13KB

MD5
1ecdbade6ad51ca82a63848236d8532f

SHA1
84540107246083bed69ad283087529ff21efaa24

SHA256
46f76b5c511126fb6f32bbb59e29bb40af3d3517b9b706a423fdf0fcf7ab73d1

SHA512
1fe42bdec228c8b4b85d9a58626f92f755d3b43d43c0ce94c5241822172de69bfa7f3d7058ce69fad9153daa9914d1055c9177dcd82c12737091e8fe9ed10150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
84d1bc90d8794514b876c97f444af6ca

SHA1
5a44148a233a7a2d0f7d83a05ad8e4dc3db6d2c5

SHA256
0bcb3a1143c43b855acd9aa386a6e1a3513c0ba2aceb3b54cf562c856134273c

SHA512
f733da58f8d0d04b3cbb2b6c45ff806a08defc3b03e818ca2e5b780887f65f9657d397e14e82490d4297c7da83e918004bd50a71ee075e1732b2bce5506b6e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3fdfe0e297ebd0119d8b61c13e4b6c5c

SHA1
2be4536978c838873a3b0192a9290d7694a92dbf

SHA256
6d74d5d731622f65759793446b5938136221d159592d7da800164e00f1f71d5b

SHA512
d90f9dd694d680a221f75f0eb0f964ebc116e078ac8bd23dbc2e60e0c41cf5ee956f1bae4d9bf8717a797d9c509237e90fc52384321a9bfe433addfa22f31742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
6c4beb3a29b611d5fc266c5a2289e653

SHA1
fa77140a52eb8ca63324faeb35dae9dd62613dc8

SHA256
86168c472e7a82a7c5167be7c0a5103bb1f583e19f5945c35aed58a2541d07ac

SHA512
4752182a87ef8ac5be0e4029e05ac517c2bceaa1eeca240b7936ba1320559812accd2f5aee7f1c08939d7abc57a1b4e8ffcabf84cc06477147e7f302638a0bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
13KB

MD5
349d2f9f20272667caabb1c8ca050c83

SHA1
a1681dfe91012ad44e02b23962e5b758d82de9a1

SHA256
6a3e0ce92266ec0849df7c5e592e3ce6c1b58de0f3896684605851b71bf7258e

SHA512
f6d5d423b6654e0ae9085ae4b7bd56fb39de7ccd51c5646c00ae6b7f1f5925f0ca02fd2928425c52eea227ac0b5e518f7931677702f93622da08a9ea8a60be4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
a2ca2d06d9fd866e9d03c30109f18689

SHA1
874d1d40e3e76f770e9c411adee2036db0879dd5

SHA256
86dcaa36ad27c629b1a191436987b86cc7e9d83425ba2d376efd25d2a1d972ff

SHA512
1d42ef3acc4d0bc2cdefa8529d90421b029e7ea181526da5463a68031d87a6234ab7e4abc23414c6136f6acaaf09312a07da1d216ff249d45fd99cce9c97c30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
b8566daea1c154138861ab9ad9799624

SHA1
f884ab2914012b1fd83e3f90ff1caf7e27689b80

SHA256
ef9a463583f9110847f99723eb7b002cb653a52e93e850a9f4eb95762e3cbe54

SHA512
1a27cdb5a8de674e369a637307923445bd5a4283d42b9d8af1d6e1f066071968deb41636b0203ea5cffa1660c428f3dda063b9e317a90d4f2cf364a29df26963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
c4868d57b8e7117e5d3b4a0a921ff16b

SHA1
a25620034728856c5bb344d28750ea1c1a4a2d06

SHA256
4bb67b2d14ed6843a52eb552155d3eda3ee672c946136c9099ca777b171ded02

SHA512
d6368da7b28405ee14c39970e1da6ca531f3003d6a580e4b0161fd8cebb09227ca13306dd3d10d9534f4cb693bf26a095ba0a95a90f59d34da158d21eb1b7b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
13KB

MD5
b8ff50074997dd0184a8a3cbef915257

SHA1
5d0793a280e6f08d81a60bc997caeb9f336d8535

SHA256
c29894a8699322e31d510e1790e350d6158c1edc1c1ebddac2bf6a165d99e33d

SHA512
b25f5416d2af83e239f8ecdf2cbb390cc74ba8c0b1b18f6d2fd4bc2aedc21f4a6ca67b81761a84bd1b7ca9609545d83ffb25fc6cc5d7365b0e1b7cb392688118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
532c75afe2dcdfa1a436a447f2a35f48

SHA1
c7fbdbdedaf937ef2c9c7326c1467bc38d43647d

SHA256
81e8b14149cf00a05b07fd4f5ece8fde06de727508af39fd91469450a4bcef28

SHA512
50ed73c7eb35c7d2c004dc55151762e9357c6289c8f449b1e1bac0c0bbe4c6f69b3fc823721bf078993d2e0417c7d31a80aa95d103add5dc18f129caa4b30eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
288B

MD5
f796f335c6bbcdc5e976a4cdbb437d1b

SHA1
63661107a2d25db2917755016128952c2b452cd0

SHA256
1ed3764e4e88e4055e93e1eb2ed429623f12af6dbd74459a285128fb327462bc

SHA512
42ca08c56a1ec95dfa7dd9c1adb8976f69ddbc19caec76a9720a76c1d4c4d8b172c991b440b1cff553d0ac666da6a537c6ee1408b7bf0d54feeed9b2f3e78199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
ac13f11a3083d482ea2be6877b92fafa

SHA1
513e4c54f7307634a5d054cebaaac02f0bd4305b

SHA256
830650ecd85e6ccd17f7b89ed6f15fb2bead92367765e452f529dbd3d49b9fbd

SHA512
f2e5cc410615f457d6cdb5f3354d3fc5efdc585cb5e4fc682ff3dd3b86f754bdb88119c516b5526edb9d47c6b071192be006d16270a5a92ddd0b7ca59d284be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
d89004d739c5b7b0f93d51562931edef

SHA1
435d8ca06e5be0bd6e671f4e69e70c6e7b93409d

SHA256
726630ed9014173893d0d81665ffed2f08e08ec0a80d6f287530b8c0bc77ef91

SHA512
209255f6bf4cd8764dc311fb762b11f2116ebb12778804ebc7334aa1c6326e952f5b618e18f8acaba8548a29d7080edc8084a1b659f94aae5057d6dff98d9832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
6ca5dc7e74b8f5b55a63f7a6aa940eab

SHA1
0350018757946d30e1727cc13887d7e12632b21c

SHA256
5e8c0bb5839f7ff4a278469a4e138d6f0f08ea7cfe161d9888aa45f2e4314430

SHA512
73314f67d23bbd858f862cf848ddf3c04afb689cc91628393754e6dd3f83bb43b1dd130b4a0b0e4ecb94819369356cdbcdb82c368bacd2a3002264ca39b31158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
37ee9bf70226af6100970873c6389f84

SHA1
a6d15d918b27ecbb54aea6953055c93d2c743026

SHA256
8a19323e3423390f348970fcde419a241294c62e0caa2f0d9384a8d41588c50b

SHA512
45bb90639520b2335c4cd6c01b5e7ef2323fcd10b94f3b287eccb1696d015d24451363f9ba524937d0746e84adbee885e21daa1d259e9cad1a48d470cf661233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
6f1198d691317d8c171f2fe7fb9baf6b

SHA1
6ccedbd53a8cae887f811a930fa4292c24318208

SHA256
dbdb462e30c865f747253ddf9d7c015bce7913214254a9df380788f1efc1d9ee

SHA512
8741743d9c649c731364ce07a622041effe22d30d3160dc3c25b035c0bb34cf7921701a911841705011ed0ffba55eecf2a4890063a7ef5f9f4bf2fa797a3f9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
f9e5b240570cc8a396eddfe5bddc7466

SHA1
2eb144a64fb34aecdcf522e28a32c0ee6d4b4b2b

SHA256
a1207e7f074c90ccc8bd62de51737f11ce776463f63e99e0b9430d1b7e90d3c1

SHA512
c544db9d3648e3e7b8e2b441dd55e842005bdfc64f1cb1abd5c215075a9c8d8163879fab3d9eee4eddebe76e0ed8d6031a94a543a645637970eda4e798cb8da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
46d5400c263065f5d0c8ac103e24a47e

SHA1
5d2373e1abf1cbb24e3fa47f3d7d01d92588c2c9

SHA256
11f42a3ab22e2cc810bd66c2627bb0c640670c756d23ba0b91b10c0230bfc377

SHA512
43bd02f7eb01e7e7c7ea72737e87b2e613d29449515917e0e340ba42f64759c9675249ac5486faf23e8a968d5cd8c3e69a1598e2c616528166b122fcf894b8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
72f4c091414cc3337f7b3e6732a3e215

SHA1
3eb699bc77d529279598c11bf7a9cbc7f077b13d

SHA256
8cb43e468639b4d8ca2ccf04b3487db7f21f83a0af5e9085877a5d683acac0d5

SHA512
668917923a664e05c83b1cb6b38652e35d5f278a42356efa132b67b20d35e5ee6c8ea7caa2ccd48873e2adaefac517430cea8e1747170aa0e4b9c3e8d923ffec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
47734be941e5d193f3dd738caca674ec

SHA1
6aaae4f2cf960007729c609b972a080aaaf9925c

SHA256
7e853a88f959920c0b1bcdd70b4e2ca5b5bf5a65cc435a3a95983cee12ab3a04

SHA512
8e6379400a6f843ffae93bdc5260aab7e405496f1795c2f8f9c0a7f320768adb917f24011ddc2cede691a4e48e655beec0d882dbef34e6f2d931036aa52daea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
56c7305e32545ba0e34be6d35b69465d

SHA1
5d0077df53bafa7f9d0be8d2d99d5aa9380d3874

SHA256
61ab1a815176e1e773f33e27e0e0fe980cc355bb2fdba5aff8ad4bd1dca0147a

SHA512
16dca32796ceda04e9cbe30e1402e565df94ffb09a310c0a62284d43e364f851546b83ca6555764c2efc6cdc97fee96671643d84101b47f95eefb4da6037293a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3QLNI.tmp\fdm_x64_setup.tmp
Filesize
3.1MB

MD5
60f76f6e78d966f31d9c574c7465899d

SHA1
2c231f5a57d294ab2b6c1fc6f7902fb453fbeac7

SHA256
ced610b7c01111d289a511d35ada43d94fb4b2537ccfc0317a23e1d3eecd3bf8

SHA512
59b67dd82d6f3cee823d7fba1722455c52479413664f816c6756e42bee877ba854844b10c90d22e63b3631e3b8b83dbf35912507b7fedd7fda4f2724888e2cf0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
7KB

MD5
0f9ab376cd0d0378a05e7e03eb16a399

SHA1
de64cbe1db487c8eb0b23439bee22979260c9202

SHA256
77e6dcdadd41b09536f863f5b594a52fb3d025c98fa949e9a5d6b191477e8558

SHA512
c7064f30968f02de0a051e4c15334d9146b8b00d657459f9239b53e35a47bfb4bf8aade359bb3449ef81d8e8e68208b452c011536b7ba5b6ae4bc8da4e5b20f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
8KB

MD5
73b8fc37a068b203ceae4f168667626d

SHA1
2961bdb1c2510a8bad42598cc9024261684b509c

SHA256
c3a9b36468a0f33c3794de6889f08988a2fb3cb09195fd7ce871615bfdcbb307

SHA512
02a32e516e322e5f0f692bc02843253a3ddf56c48cbb839b20372a15f7796e95d54d463c6f3c604d22db93050ec673d956a194f2e0c9a783ca290544ce3d417a

Download Submit
memory/1796-1785-0x00007FF9F5640000-0x00007FF9F5C6D000-memory.dmp

Filesize
6.2MB

Download
memory/1900-2243-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2268-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2272-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2271-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2270-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2269-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2244-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2267-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2266-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2265-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2264-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2262-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2261-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-1794-0x00000214E8960000-0x00000214E8B62000-memory.dmp

Filesize
2.0MB

Download
memory/1900-1792-0x00000214E8510000-0x00000214E8952000-memory.dmp

Filesize
4.3MB

Download
memory/1900-2276-0x00000214EB7C0000-0x00000214EB7C1000-memory.dmp

Filesize
4KB

Download
memory/1900-2238-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2237-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-1751-0x00007FF9F5640000-0x00007FF9F5C6D000-memory.dmp

Filesize
6.2MB

Download
memory/1900-2245-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2239-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-1750-0x00007FF9F79B0000-0x00007FF9F7EF5000-memory.dmp

Filesize
5.3MB

Download
memory/1900-2278-0x00000214EB7C0000-0x00000214EB7C1000-memory.dmp

Filesize
4KB

Download
memory/1900-2260-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2240-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-1749-0x00007FF7ECF00000-0x00007FF7ED62A000-memory.dmp

Filesize
7.2MB

Download
memory/1900-2241-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2242-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2275-0x00000214EB7C0000-0x00000214EB7C1000-memory.dmp

Filesize
4KB

Download
memory/1900-2273-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2277-0x00000214EB7B0000-0x00000214EB7B1000-memory.dmp

Filesize
4KB

Download
memory/1900-2252-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2253-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2254-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2255-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2256-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2257-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2249-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2258-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2259-0x00000214EB7A0000-0x00000214EB7A1000-memory.dmp

Filesize
4KB

Download
memory/1900-2250-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2248-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2247-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/1900-2246-0x00000214EB670000-0x00000214EB671000-memory.dmp

Filesize
4KB

Download
memory/2360-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2360-1756-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2360-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2360-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4524-1522-0x00007FF9F8B40000-0x00007FF9F916D000-memory.dmp

Filesize
6.2MB

Download
memory/4664-1520-0x00007FF9F85F0000-0x00007FF9F8B35000-memory.dmp

Filesize
5.3MB

Download
memory/4664-1508-0x00007FF7ECF00000-0x00007FF7ED62A000-memory.dmp

Filesize
7.2MB

Download
memory/4664-1510-0x00007FF9F8B40000-0x00007FF9F916D000-memory.dmp

Filesize
6.2MB

Download
memory/5000-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5000-1620-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5000-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5000-1753-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5000-1370-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download